Cookies???


Posted on 25-02-09 08:54

I recently got interested in seeing the cookies of HBH and I noted them down... Later I logged off, cleared all my cookies and created each cookie manually (all done using JavaScript)... To my surprise, I got logged on...
1.) Is this usual (please don't flame, I'm new to all this)... or is there some fault in the system authentication unit?
2.) If this is so, can't we just try and get the potential parameters (again, I'm new to all this)... and attempt to hijack HBH cookies?

*I have been thinking about this for some time (5 hours approx.)... I'm sorry if this is really stupid... As I have said before, I'm new to hacking and (after all, this is a hacking site) I don't expect it to be hacked open so easily.

RE: Cookies???

Omg... You deleted and replaced your cookies with identical ones... And it worked?!!! Omg...

Thanks Yours31f!
Make poverty history... Cheaper drugs now! - Frank gallagher
Einstein climbs to the top of Mt. Sinai to get close enough to talk to God.
Looking up, he asks the Lord...
"God, what does a million years mean to you?"
The Lord replies, "A minute."
Einstein asks, "And what does a million pounds mean to you?"
The Lord replies, "A penny."
Einste


RE: hmmm....


Posted on 26-02-09 10:33

I did study the topic... I read into it as soon as I faced a challenge featuring cookies (I don't remember whether it was in HTS, HBH or Hack Quest), and that was last year.

However, I expected that the website would delete cookies as soon as the user logged off (it's mentioned in Wikipedia). (I tried that too... it worked... the cookie is valid even after the user logs off.)

Instead I find that the IP address is tagged here, meaning physical access to the comp. or one in its network (if used as a proxy) could enable me to steal cookies and use them for logging on.
While I realize that physical access is not that easily acquired... it's still a vulnerability (mostly on public computers... but a keylogger would be more effective there).
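A small model of the behaviour discussed in this thread, added here as an example and not part of any post or of HBH's actual code: it contrasts a login cookie that stays valid after logout with a server-side session that is revoked at logout. The class names, the cookie layout and the sample user and IP addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process signing key

def _tag(user, ip):
    return hmac.new(SERVER_KEY, f"{user}|{ip}".encode(), hashlib.sha256).hexdigest()

class StatelessAuth:
    """Weak pattern (assumed): self-contained cookie tied to user and IP only."""

    def login(self, user, ip):
        return f"{user}|{_tag(user, ip)}"

    def logout(self, cookie):
        pass  # browser is told to drop its copy; the server has nothing to revoke

    def check(self, cookie, ip):
        user, _, tag = cookie.rpartition("|")
        ok = hmac.compare_digest(tag.encode(), _tag(user, ip).encode())
        return user if ok else None

class ServerSideSessions:
    """Hardened pattern: random session id, stored and revoked on the server."""

    def __init__(self):
        self._sessions = {}  # session id -> (user, ip it was issued to)

    def login(self, user, ip):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, ip)
        return sid

    def logout(self, cookie):
        self._sessions.pop(cookie, None)  # a saved copy of the cookie is now dead

    def check(self, cookie, ip):
        user, bound_ip = self._sessions.get(cookie, (None, None))
        return user if bound_ip == ip else None

def replay_after_logout(auth, user="alice", ip="192.0.2.10"):
    """Log in, keep a copy of the cookie, log out, then present the copy again."""
    cookie = auth.login(user, ip)
    auth.logout(cookie)
    return auth.check(cookie, ip)  # user name if still accepted, else None
```

In both classes the IP check only limits where a copied cookie can be used; a logout closes the session only when the server forgets it.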